It was discovered that the interpreter for the Ruby language does not
properly maintain “safe levels” for aliasing, directory accesses and
regular expressions, which might lead to a bypass of security
restrictions.
For the stable distribution (sarge) this problem has been fixed in
version 1.6.8-12sarge2.
The unstable distribution (sid) does no longer contain ruby1.6 packages.
We recommend that you upgrade your Ruby packages.